Chapter Insights

Are you ready for the GDPR?

If your organization is US or Canadian-based and you have US or Canadian members, you may not have to be concerned about the GDPR.

But it is important to be aware of the European Union's (EU) changes to its data protection and privacy rules, because these changes will affect some organizations outside of the EU. If there is any chance your organization collects, stores and/or shares the personal data of EU citizens, you should know about the GDPR, and you may need to adjust the methods your organization uses to handle that data.

What is the GDPR?

The GDPR, or the General Data Protection Regulation, is in effect. The EU is implementing these changes in response to the significant increase in the amount of personal information collected and used today. The overall mission of the GDPR is to give consumers greater control over that personal data.

Areas this regulation addresses include:

Data Breach Reporting

Personal Data Consent

Data Portability

Personal Data Usage

What’s considered personal data under GDPR?

The GDPR defines personal data broadly: it is interpreted as anything that can be used to identify an individual. In addition to a name, that can include information you may – and may not – consider personal.

How will the GDPR affect US-based associations?

You may wonder how an EU regulation will affect your US-based association, especially if you don’t believe you have any dealings outside of the US. But any US-based organization with a web presence could be affected by the GDPR and will need to make some changes related to its level of data privacy.

What happens if you ignore the GDPR?

This new regulation adds significant structure to the way EU citizens’ data is used, stored, accessed and shared with third parties, and it will drive organizations to increase their accountability, transparency and compliance when transferring information electronically across borders. Organizations ignoring GDPR requirements could face costly repercussions for non-compliance, including significant fines.

Organizations that currently meet US data privacy standards should consider reviewing these requirements. A data management review is always a good exercise to perform regularly.